Cryptology ePrint Archive: Report 2020/956

Constant Time Montgomery Ladder

Kaushik Nath and Palash Sarkar

Abstract: In this work various approaches for constant time conditional branching in Montgomery ladder have been studied. A previous method appearing in a code for implementing X25519 has been formalized algorithmically. This algorithm is based on a conditional select operation. We consider a variant of this algorithm which groups together operations in a more convenient manner. Further, we provide a new implementation of the conditional select operation using the cmov operation such that cmov works only on registers. This provides a better guarantee of constant time behavior.

Category / Keywords: public-key cryptography / Montgomery ladder, Diffie-Hellman protocol, constant time implementation, elliptic curve cryptography, Curve25519, Curve448

Date: received 5 Aug 2020, last revised 11 Dec 2020

Contact author: kaushikn_r at isical ac in,palash@isical ac in

Available format(s): PDF | BibTeX Citation

Note: Minor changes

Version: 20201211:082417 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]